
Apostolidis G, Siavvas M, Kalouptsoglou I, Tsoukalas D, Chatzigeorgiou A, Ampatzoglou A, Kehagias D, Tzovaras D. On the capacity of Technical Debt to indicate security issues in open-source software products. 2025. QUATIC 2025.

Published July 23, 2025 (updated July 27, 2025) | Publications

Conference:
18th International Conference on the Quality of Information and Communications Technology (QUATIC 2025)

Authors:
Apostolidis G, Siavvas M, Kalouptsoglou I, Tsoukalas D, Chatzigeorgiou A, Ampatzoglou A, Kehagias D, Tzovaras D.

Abstract:
Technical Debt (TD) arises from insufficient design and poor coding practices and affects important software quality attributes. As systems evolve, accumulated TD degrades code structure and increases maintenance complexity. Poor code quality can also lead to the introduction of further issues, including vulnerabilities. In this study, we examine the relationship between TD and software security across a broad sample of open-source Java projects, combining static code analysis with statistical methods at both project and class level of granularity. Two standalone tools, one for TD assessment and one for security assessment, are applied to the selected source code artifacts to evaluate their quality, measured in terms of TD, and their security level, expressed through a quantitative security score (the Security Index) and the number of detected potential security issues. Statistical tests are then performed to examine whether the two are interrelated.
The results show that higher TD is associated with weaker security. Specifically, at project level, TD density and the Security Index of the studied projects were found to be negatively correlated, while at class level, high TD probability shows a clear positive correlation with the number of security issues identified in each class, particularly for specific vulnerability categories.
